The secure storage of electronic information is a major concern for many organisations. In particular, the storage of customer information creates risks of privacy violations and theft of potentially valuable information. For example, many organisations store credit card information for their customers. The storage of a customer's credit card information obviates the need for the customer to re-enter the same credit card number, expiry date, and card name every time a credit card transaction is processed. Organisations with the ability to avoid this inconvenience and process transactions rapidly are likely to be more attractive to their customers. For example, the storage of credit card information enables the use of so-called ‘one click’ purchasing over the Internet, as described in U.S. Pat. No. 5,960,411, thereby increasing the completion rate of online purchases. Moreover, the storage of sensitive information such as credit card numbers avoids the need to re-transmit the information over potentially insecure communications networks, making it less vulnerable to theft during transmission, by transmission monitoring, for example.
On the other hand, the storage of such information is unlikely to ever be totally secure, and the stored information is always at least potentially vulnerable to theft by hackers, malicious staff, contractors, cleaners, IT services suppliers, etc. This risk is always present for any organisation that keeps such information on record. The loss of such information is embarrassing and is potentially extremely costly for the organisation. It is desired to provide a process and system that alleviate the above difficulties, or at least provide a useful alternative.